Tuesday, 16 October 2018

Applied Software Delivery : Optimal Backlog

Backlog management should be simple and efficient, what are the key things you can do to make it so?


Give teams their own backlogs

Each cross functional team of around (-+3)+7 members must have their own backlog.

This is one of the biggest productivity improvements you can make. If teams have to work in a global backlog then team members have to scan the whole backlog, sort stories against each other, discuss and understand stories, allocate bugs, etc. This is highly inefficient and puts backlog management on the exponential waste curve, when team has its own backlog it puts them on to the linear waste curve.


Keep it short

Large backlogs are wasteful because refined stories will get dropped as business priorities change and they create lots of unnecessary maintenance and conversations which intern creates confusion and misunderstandings.

You can prevent backlog waste by ensuring that each cross-functional team has their own backlog and that they have only 1-2 sprints or just-in-time worth of work refined overall.


Prepare for the story refinement meeting

You can reduce further time waste by creating draft stories with clear INVEST acceptance criteria before the team refinement meeting. This will give story refinement session overall focus and a strong starting point for a discussion. I don’t agree that all stories need to be created together with the whole team from scratch. Story refinement meetings should be used to get everyone to ask questions, think, create shared understanding and figure out “how” they are going deliver “what” is specified in the user story.


“Organizing is only necessary when you have too many things. Think about it: when we organize a collection of books, it’s because when they’re not organized, we can’t find the books we want. But if we had, say, five books, we wouldn’t need to organize.” By Leo Babauta

Sunday, 2 September 2018

Applied Software Delivery : Full Stack Developer vs Partial Stack Developer

Agile team consists of cross-functional team members, some of them work on the backend, frontend, infrastructure, persistence, etc. Typically developers specialise in one of these areas. However what happens if you identify a constraint in your team? What if a developer leaves? This means you have to hire or borrow a developer from another team. What is the alternative?

Full Stack

This developer is a Swiss army knife developer. Full stack developers have large amount of shallow (and maybe in depth) knowledge and can take on large amount of technologies, such as .NET, Angular, MSSQL, MongoDB, Azure Hosting, Selenium, etc. Finding these people is near impossible, why is explored here by Andy Shora.

Partial Stack

Much more realistic alternative would to be to move away from developers with single speciality towards hybrid developers. These developers would not know the entire stack but they would have a primary (core) and secondary skill. How does this compare?

Team with single skill

Name Skill
John Austin Angular
Vince Perk BDD
Sarah Wood .NET Developer
Ed Skim Test Analyst
Martin Lee Angular
Jason Dmit .NET Developer

Single skill model creates fragile teams. If single skill is not available then developers need to be borrowed from other teams or new additional people need to be hired, chances are that inventory will start to pile up. This slows down overall delivery.

Team with hybrid skills

Name Primary Skill (Core) Secondary Skill
John Austin Angular .NET Developer
Vince Perk BDD .NET Developer
Sarah Wood .NET Developer Angular
Ed Skim Test Analyst BDD
Martin Lee Angular Test Analyst
Jason Dmit .NET Developer BDD

Teams with hybrid developers are less fragile, they can elevate constraints, resolve issues within a team, don’t have to wait for anyone, which means they are more empowered and productive.

To create teams with hybrid developers your company will need to cross-skill existing staff and start hiring people with relevant skills. All of this will take time and patience. However, I do believe that this will not just benefit the organisations, but also the developers.

Saturday, 25 August 2018

Applied Software Delivery : Hidden Impact Of Team Leaders

Upon reading software management books, one of the things that I don’t recall reading much about is the impact of team leaders on the overall team's performance. Most software management books talk about lean production, theory of constraints, etc. These concepts are important, however these books do skip the very important factor in software engineering, people. Good team leaders can make a software team fly or crawl.

No matter what you call your team leaders, managers, scrum masters, supervisors, etc. These people have huge impact. Good team leaders resolve issues, bring people together and ironically enable the team to be more self organising. Team leaders are the ceiling of your teams performance.

When it comes to software development things are not easy, especially at scale. Your typical software team will be facing issues with the following:

  • Infrastructure 
    • Build servers 
    • Release pipelines 
    • Laptops 
    • Environments 
    • Access 
  • Timely, clear and prioritised: 
    • Functional Requirements 
    • Non functional requirements 
    • Business priorities 
  • Bugs 
  • Customer requests / feedback 
  • Ambiguous or bad decisions 
  • People 
    • Absence 
    • Behaviour 
    • Conflict 
    • Lack of staff 
  • … the list goes on

At scale there are hundreds of things that can go wrong during a sprint. Good team leaders work with their teams to implement permanent solutions to these problems. They assign work to the right people in the team, they provide right level of support and coach for optimal performance. This is not easy stuff, especially when you have to do it everyday. It is unlikely that team leaders in your organisation will be able to do this out of the box, which means you will need to listen, train, mentor, coach, and generally invest in them.

Managers of all levels often overlook this and focus on the wrong things. Personally, I have fixated more on the lean production concepts such as single piece flow, theory of constraints then team leaders. Why? Well, process is easier to implement and change. People are hard. They are not code, they are not servers, they can’t be changed with few lines of code and they can’t be reconfigured within few seconds. It takes time and patience. In software engineering this is the hardest and the most important thing you can do, invest in your people, especially in your team leaders, before you fixate on agile concepts and technology.

Thursday, 21 June 2018

Azure Active Directory (AD) Inviting Members and Guests (B2B)

Recently Azure has switched off the old portal and along with it the old Azure AD client. In the old portal there was a way to invite guests and members. In the new portal you can currently only invite guests, if you would like to invite members you need to do this through PowerShell. In this blog post we are going to take a look at how B2B actually works and how you can invite members.

What is a difference between a member and a guest user type? User type is used to enforce different security polices, Microsoft has written some great documentation about this. I found this image extremely helpful in their documentation:

How B2B invite works

How B2B invite works

Let's unpack what is happening in the image above. You can invite users from external Azure ADs and Microsoft Accounts. You can't invite users from Google Identity, etc. The whole B2B collaboration feature works in Microsoft ecosystem only. This means if your company decides to invite 3rd party company users that does not have Azure AD then these users will end up creating Microsoft Accounts to login in to your service.

How to invite members from external Azure AD

Let's say that Elliot Alderson works for ECorp, his original account is residing in ecrophq.onmicrosoft.com Azure AD. Elliot Alderson works for Ecorp Fraud department. ECorp fraud department has decided to get their own Azure AD as they want to enforce their own security rules on their subset of users. Also, they do not want to call ECorp HQ IT department every time they want to setup a brand-new application for authentication (client id, audience, etc).

In this case ECorp Fraud admin will need to run the following script. To keep things simple when this admin calls Connect-AzureAD he will just use adprincipal@ecorpfraud.onmicrosoft.com account to authenticate and invite Elliot.

   
Connect-AzureAD

New-AzureADMSInvitation -InvitedUserEmailAddress "elliot.alderson@ecorphq.onmicrosoft.com" -InviteRedirectUrl https://www.ecorp.com  -SendInvitationMessage $true -InvitedUserType Member

Once Elliot receives the email and accepts invitation this is how this setup will look like:

How Azure AD references users from external Azure AD

I do not know about the Azure AD internals, so I am going to speculate now. It seems that when you add a user from external Azure AD in to your Azure AD it creates this user record as an extension. When Elliot gets the invite or is given the consent URL and approves permissions, referenced link gets created so Azure AD knows where to redirect user to authenticate.

Tuesday, 5 June 2018

Azure AD - Relationships between Azure EA Accounts and Subscriptions

When it comes to relationship between Azure Portal, Azure AD and Azure EA Portal it can get very confusing and frustrating. It can be hard to understand what you have to do to enable authentication in to the Azure Portal and why you have so many Azure ADs flying around. This brief blog post will try and explain relationship between Azure EA Portal account, Azure AD that gets created automatically and Azure subscriptions that can be accessed in the Azure Portal.

When you login to the Azure Enterprise Agreement Portal (Azure EA Portal) you can create "accounts" and under accounts you can create "subscriptions". Subscriptions is where you place your services (this is done in Azure Portal). Accounts is where you place your subscriptions (this is done in Azure EA Portal). When you create "account" Azure AD is automatically created for that account, and all subscriptions under that account link to that Azure AD. Here is the diagram that shows this relationship:

Azure AD, Subscription and Account Relationship Diagram

Let's say you have created ECorpFraud account in the Azure EA Portal and it belongs to ECorp Fraud department. That account will automatically get ECorpFraud Azure AD. This AD will be used to authenticate your users in to Azure Portal and let them see relevant Azure Subscriptions.

Imagine that Alice works in ECorp Fraud department, someone will need to add her to the ECorpFraud AD, once she is in there you will be able to give her permissions to see resources in Subscription A or B. Azure Portal itself uses Azure AD to enable authentication.

Now, if I create ECorp Finance account, same thing will happen. Azure AD for ECorp Finance will be created. I will then be able to add relevant users to that AD and then give them access in to the relevant subscriptions, in this case Alice and John.